From 3500ed6650b72640070fd03f76661005f565d7bb Mon Sep 17 00:00:00 2001
From: drh
Date: Tue, 5 May 2009 15:46:43 +0000
Subject: [PATCH] Make sure the left-shift operator never overflows. (CVS 6605)
FossilOrigin-Name: 300da30178c46ab9f2ceb0c3e3ee3eac73d5d8e1
---
 manifest | 16 ++++++++--------
 manifest.uuid | 2 +-
 src/resolve.c | 8 ++++++--
 src/vdbeaux.c | 8 ++++----
 src/where.c | 3 ++-
 5 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/manifest b/manifest
index 9bef3786f6..36d14bce8d 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Changes\sto\supdate.c\sto\sfacilitate\sfull\scoverage\stesting.\s(CVS\s6604)
-D 2009-05-05T15:46:10
+C Make\ssure\sthe\sleft-shift\soperator\snever\soverflows.\s(CVS\s6605)
+D 2009-05-05T15:46:43
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 583e87706abc3026960ed759aff6371faf84c211
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -156,7 +156,7 @@ F src/pragma.c c26c16c49a80d03c8597f0e6c7daba53f283428f
 F src/prepare.c 72d74e6d3b9c8eb0663b33ec6438aa718096ac79
 F src/printf.c 3f4dca207a88258d37af5a7a03e800a825fe6456
 F src/random.c 676b9d7ac820fe81e6fb2394ac8c10cff7f38628
-F src/resolve.c d01b53d81ab9b28ba7161c1af9e02bc90bbd685b
+F src/resolve.c 2ce8f8bc8a0c913cbaec3fb3da2be113ea1fa5af
 F src/rowset.c 14d12b5e81b5907b87d511f6f4219805f96a4b55
 F src/select.c 9587023e906afe2074a718d25d6a4326874fb791
 F src/shell.c 0a11f831603f17fea20ca97133c0f64e716af4a7
@@ -207,12 +207,12 @@ F src/vdbe.c e7c3355a39dfa0bf0be69e123061a6c1503fb327
 F src/vdbe.h 35a648bc3279a120da24f34d9a25213ec15daf8a
 F src/vdbeInt.h 43183a2a18654fa570219ab65e53a608057c48ae
 F src/vdbeapi.c 86aa27a5f3493aaffb8ac051782aa3b22670d7ed
-F src/vdbeaux.c 02cefacfa4cf652743c4507fa83646cd7f35e564
+F src/vdbeaux.c 7ac5c358f777388795a7a294a97d639890d1f823
 F src/vdbeblob.c e67757450ae8581a8b354d9d7e467e41502dfe38
 F src/vdbemem.c d8b985eeb88214941380372466a30ca410043a93
 F src/vtab.c 53355aa2381ec3ef2eaad25672cfd5877a02fe45
 F src/walker.c 7cdf63223c953d4343c6833e940f110281a378ee
-F src/where.c 823891e165c20ce781762a0d26f68ec908439687
+F src/where.c 6199249adebde89441e00da5fa256dd7ae005061
 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2
 F test/alias.test 4529fbc152f190268a15f9384a5651bbbabc9d87
 F test/all.test 14165b3e32715b700b5f0cbf8f6e3833dda0be45
@@ -728,7 +728,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 7f89a860b7cd0993c36a8b0482c2bac950a875d6
-R c2c2d0ce88fa821168f2cfd971608d90
+P 25a11b9ecae1befd3f58958d68f6346f1e1e47ad
+R effe924e1faf6db44318ac86798fb5da
 U drh
-Z 75899e717d2cd58cbbfebd42323ed01c
+Z 6a56d2949ddd86ce55cbcf7869e0cd21
diff --git a/manifest.uuid b/manifest.uuid
index ea66aef1c8..fe06e676b1 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-25a11b9ecae1befd3f58958d68f6346f1e1e47ad
\ No newline at end of file
+300da30178c46ab9f2ceb0c3e3ee3eac73d5d8e1
\ No newline at end of file
diff --git a/src/resolve.c b/src/resolve.c
index ac6ada05e8..4d34317e03 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -14,7 +14,7 @@ ** resolve all identifiers by associating them with a particular ** table and column. ** -** $Id: resolve.c,v 1.21 2009/05/01 21:13:37 drh Exp $ +** $Id: resolve.c,v 1.22 2009/05/05 15:46:43 drh Exp $ */ #include "sqliteInt.h" #include @@ -248,7 +248,11 @@ static int lookupName( if( iCol>=0 ){ testcase( iCol==31 ); testcase( iCol==32 ); - *piColMask |= ((u32)1<=32?0xffffffff:0); + if( iCol>=32 ){ + *piColMask = 0xffffffff; + }else{ + *piColMask |= ((u32)1)<=0 && idb->nDb ); + assert( i>=0 && idb->nDb && ibtreeMask)*8 ); - mask = 1<btreeMask & mask)==0 ){ p->btreeMask |= mask; sqlite3BtreeMutexArrayInsert(&p->aMutex, p->db->aDb[i].pBt); @@ -1940,7 +1940,7 @@ void sqlite3VdbeDeleteAuxData(VdbeFunc *pVdbeFunc, int mask){ int i; for(i=0; inAux; i++){ struct AuxData *pAux = &pVdbeFunc->apAux[i]; - if( (i>31 || !(mask&(1<pAux ){ + if( (i>31 || !(mask&(((u32)1)<pAux ){ if( pAux->xDelete ){ pAux->xDelete(pAux->pAux); } diff --git a/src/where.c b/src/where.c index 436c24684b..0715095353 100644 --- a/src/where.c +++ b/src/where.c @@ -16,7 +16,7 @@ ** so is applicable. Because this module is responsible for selecting ** indices, you might also think of this module as the "query optimizer". ** -** $Id: where.c,v 1.392 2009/05/01 21:13:37 drh Exp $ +** $Id: where.c,v 1.393 2009/05/05 15:46:43 drh Exp $ */ #include "sqliteInt.h" @@ -384,6 +384,7 @@ static void whereSplit(WhereClause *pWC, Expr *pExpr, int op){ */ static Bitmask getMask(WhereMaskSet *pMaskSet, int iCursor){ int i; + assert( pMaskSet->n<=sizeof(Bitmask)*8 ); for(i=0; in; i++){ if( pMaskSet->ix[i]==iCursor ){ return ((Bitmask)1)<
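Review bot: In the `@@ -1940,7 +1940,7 @@` hunk of src/vdbeaux.c, the rewritten condition in sqlite3VdbeDeleteAuxData() is well-defined only because `i>31 ||` is evaluated before the shift, and nothing in the code records that dependency. Shifting a 32-bit operand by 32 or more is undefined behaviour in C, so a later reordering of the two operands would silently bring back the problem this commit fixes. I would add a comment above the `if`, for example `/* Test i>31 first: the u32 shift below is undefined for counts of 32 or more */`. The hunk header shows `mask` is still a plain `int`, so the literal 31 and the `(u32)` cast each encode its width by hand, which the same comment could mention. The loop body continues past the hunk and the page has lost part of the shifted expression, so this rests on the visible `(i>31 || !(mask&(((u32)1)<` prefix.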
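Review bot: The bound added to getMask() in the `@@ -384,6 +384,7 @@` hunk of src/where.c is an `assert()`, which is normally compiled out of non-debug builds, so it documents the invariant rather than enforcing it. If `pMaskSet->n` could ever exceed the bit width of `Bitmask`, the `((Bitmask)1)<` shift in the loop would still run with an out-of-range count in a release build. The actual limit is presumably enforced where entries are added to the mask set, which is outside this hunk; I would say so next to the assert, e.g. `/* Invariant only: the limit on pMaskSet->n must be enforced where cursors are added */`. The return statement is cut off on this page, so the remainder of the function was not reviewed.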